Powered by GitBook

1 of 1

Loading...

L2 - Strategy and Design

To know more about this phase of the DPI life cycle, click here

Click on any process listed below to learn about illustrative practices that can be implemented.

Process

Principle

Risk

n

F3.3 Identify and address end user/citizen needs

F3 Do not exclude

F1.3 Establish monitoring and mitigation teams

SV 1 Digital distrust,

SV4 Technical shortcomings

F2.1 Implement alternative enrollment measures

F2 Do not discriminate

F3.3 Assess the interoperability system

F3 Do not exclude

SV3 Weak institutions,

SV4 Technical shortcomings

F3.4 Develop alternative processes to allow access to services without requiring subscription to a DPI system

F3 Do not exclude

RI2 Unequal access

F3.5 Implement affirmative design measures

F3 Do not exclude

SV2 Weak rule of law

F4.5 Establish comprehensive auditing mechanisms

F4 Reinforce transparency and accountability

SV3 Weak institutions,

F4.6 Create stakeholder participation systems

F4 Reinforce transparency and accountability

SV 1 Digital distrust,

F4.7 Ensure an auditable data trail for dispute redressal

F4 Reinforce transparency and accountability

RS2 Digital insecurity

RS4 Lack of recourse

F4.8 Provide clear definitions for key human rights terms so basic understanding of harms is inter-operable and can be benchmarked across systems.

F4 Reinforce transparency and accountability

RI4 Disempowerment

RI2 Unequal access

F6.3 Incorporate user choice mechanisms to participate

F6 Promote autonomy and agency

RI4 Disempowerment

SV4 Technical shortcomings

F6.4 Design user interfaces that empower data subjects with clear and continuous control over their data.

F6 Promote autonomy and agency

RI4 Disempowerment

F7.3 Forward relevant stakeholder inputs to the DPI implementors.

F7 Foster community engagement

SV3 Weak institutions

RI4 Disempowerment

F7.4 Sustain the participation of affected communities in the process by providing funding for the total cost of community engagment

F7 Foster community engagement

RI2 Unequal access

F8.3 Ensure that the DPI interface indicates the responsible public authority and their contact information for complaints and inquiries.

F8 Ensure effective remedy and redress

SV1 Digital distrust

F9.4 Adopt common standards, conduct regular system integration tests, and ensure that redundant system operations are removed

F9 Focus on future sustainability

SV5 Unsustainability

SV3 Weak institutions

F9.5 Conduct stringent security checks and vendor assessments

F9 Focus on future sustainability

SV3 Weak institutions

SV5 Unsustainability

F9.6 Encourage modular system design and support for multiple technologies.

F9 Focus on future sustainability

SV3 Weak institutions

SV5 Unsustainability

F9.7 Adopt comprehensive procurement processes that prevent vendor lock in

F9 Focus on future sustainability

SV4 Technical shortcomings

SV2 Weak rule of law

O1.4 Provide tools and support to enable integration and scalability

O1 Leverage market dynamics

SV5 Unsustainability

O1.5 Develop an open access system with APIs, accountability, and fraud protections

O1 Leverage market dynamics

RS2 Digital insecurity

O2.2 Implement regular public consultations and review mechanisms.

O2 Evolve with evidence

RI4 Disempowerment

O2.3 Design mechanisms to generate relevant data

O2 Evolve with evidence

SV3 Weak institutions

SV4 Technical shortcomings

O2.4 Design feedback loops to address data inaccuracies and enable community reporting

O2 Evolve with evidence

RS2 Digital insecurity

SV4 Technical shortcomings

SV 1 Digital distrust

O3.5 Integrate strict data minimization protocols into design

O3 Ensure data privacy by design

SV 1 Digital distrust

RS1 Privacy Vulnerability

O3.6 Establish multi-layered security controls to protect data throughout its lifecycle

O3 Ensure data privacy by design

RS1 Privacy Vulnerability

SV4 Technical shortcomings

RI4 Disempowerment

O3.7 Undertake a Data Protection Impact assessments and legislative reforms prior to DPI roll out

O3 Ensure data privacy by design

RS1 Privacy Vulnerability

SV2 Weak rule of law

O3.8 Enable third party audits

O3 Ensure data privacy by design

RS1 Privacy Vulnerability

O3.9 Establish Robust Data Delinking Mechanisms once the purpose of the processing of personal information has been served

O3 Ensure data privacy by design

RS1 Privacy Vulnerability

RS2 Digital insecurity

O3.10 Enable different levels of privacy between payer and payee, where appropriate.

O3 Ensure data privacy by design

RS2 Digital insecurity

RS1 Privacy Vulnerability

O3.11 Implement symmetrical identification so users know the identity of the other party in a transaction.

O3 Ensure data privacy by design

SV1 Digital distrust

O3.12 Implement and protect the right to pseudonymity within DPI systems, when applicable.

O3 Ensure data privacy by design

SV1 Digital distrust

O3.13 Ensure that biometric authentication is not mandatory

O3 Ensure data privacy by design

RS1 Privacy Vulnerability

SV4 Technical shortcomings

O4.8 Design specific security features to protect against unauthorized access and data breaches

O4 Assure data security by design

RS1 Privacy Vulnerability